Summary
bnormal
Cloud Email Security Platform takes a data-science approach and leverages
API-based integrations to stop targeted attacks. It combines three key
features: an identity model, a relationship graph and content analysis. These
methods help create a high-confidence decision engine to reduce the number of
false positives.
The
cloud platform integrates directly with cloud email platforms using APIs. That
way, email platforms work with or without an email gateway in place and offer
visibility into the internal email functionality. The API-based architecture
allows Abnormal Security to integrate within minutes without an MX record
change and enables time-of-delivery blocking as well as post-delivery
remediation. Visibility is improved through the analyses of inbound, outbound
and internal email communications.
The
abnormal behavior technology is a triangulation of three concepts that drive
high confidence in detection and eliminates many false positives: federal
identity; baseline behaviors; and content analysis. A data-science approach,
composite analysis and attack-agnostic nature give this solution a distinct
competitive advantage because it derives analytical conclusions from a robust
big picture and detects unknown threats.
To
understanding user behavior, Abnormal Security builds robust, stateful models
of both internal and external identities. Internally, it collects data on
everything from directory information to application usage. Abnormal Security
also has a unique approach to relationship analysis. By deciphering
communication email tones, artificial intelligence determines the strength of a
relationship between two correspondents. Abnormal Security leverages machine
learning technology to detect anomalous behavior and flag emails as suspicious.
Email
content inspection is granular and runs the content through deep URL analysis,
computer vision analysis, natural language processing and cross-references
threat intelligence. Auto-remediation moves a malicious email from the inbox
into the junk folder as soon as it is detected.
Administrators
can see items like attack score, analysis overview and content analysis. This
information helps determine with high confidence that an email is malicious or
otherwise compromised. There are several widgets on the dashboard with robust
drilldown capabilities, but there are also some aspects we found cumbersome and
would recommend adjusting, like the small text and plain design. We would have
liked the ability to search threat intelligence more in depth. However, the
dashboard provides a lot of information.
Pricing
begins at $3 per user/month and includes SaaS Service with 24/7 support and a
technical account manager.
Tested by Matthew Hreben